I am experiencing problems receiving messages from some ISPs and seem to have narrowed the issue to greylisting (which I have now switched off). The ISPs are the big ones, btinternet.com, yahoo, AOL who have large numbers of servers.

What I think is happening is that the initial mail attempt is made from Server 1 and the link is dropped and the IP added to the Greylist Cache. The ISP tries again, but this time from Server 2. Again the link is dropped and the second IP added to the Greylist Cache. Sometimes, the mail is received from one of the current Greylist IPs and this is then added to the accepted list and the mail is forwarded. However if the ISP has many servers working in parallel, it never comes from the same IP twice and is never delivered.

Is anybody else experiencing this? Or have I another problem I have not thought of?

Unfortunately that is one of the side-effects of using greylisting. Per RFC, if a server experiences a temporary failure code while sending an email (which is exactly what greylisting does), the RFC states that the server should retry delivery after a brief delay. Unfortunately large ISPs often do not abide by the RFC, and in case of a temporary failure they will defer delivery to a different SMTP server on their network. This new server will have a new IP, and when this IP connects to SpamFilter (or any other anti-spam server that uses greylisting), this new IP will again be subjected to the greylist filter, causing the initial connection to be delayed. If the ISP then again violates RFC and defers delivery to a third of their mail servers, you see how this process will become an issue.

Eventually most IPs from the large ISPs will be cached by the greylist filters, but the more mail relays they use, the longer this will take, causing some initial mail delays.

This is why we ship SpamFilter with the greylist filter disabled by default. Greylisting is a great asset to stop spam, but it can cause delays with larger providers. You can manually add IPs/networks you wish to have excluded, just as I mentioned in the other posting saw today (http://www.logsat.com/SpamFilter/Forums/forum_posts.asp?TID=6942#14084), but admins will need to decide if it is better for their needs to enable or disable the greylist filter, knowing its downsides.
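The retry behaviour discussed above can be reproduced with a small simulation. This is an added example, not part of the original thread and not SpamFilter's code: the `Greylist` class, the 300-second delay, the 600-second retry interval, the `prefix_len` option (keying on a /24 instead of the exact IP) and the documentation-range addresses are all assumptions made for illustration.

```python
import ipaddress

class Greylist:
    """Minimal IP-keyed greylist: tempfail first contact, accept a retry after `delay` s."""

    def __init__(self, delay=300, prefix_len=32, excluded=()):
        self.delay = delay
        self.prefix_len = prefix_len      # 32 = exact IP, 24 = whole /24 shares one entry
        self.excluded = [ipaddress.ip_network(n) for n in excluded]
        self.first_seen = {}              # greylist key -> time of first attempt

    def check(self, client_ip, now):
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.excluded):
            return "250 accepted (excluded network)"
        key = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        seen = self.first_seen.setdefault(key, now)
        if now - seen >= self.delay:
            return "250 accepted"
        return "451 greylisted, try again later"


def attempts_until_delivery(greylist, relay_ips, retry_interval=600, max_attempts=20):
    """Sender retries every `retry_interval` seconds, each time from the next relay."""
    for attempt in range(max_attempts):
        ip = relay_ips[attempt % len(relay_ips)]
        if greylist.check(ip, now=attempt * retry_interval).startswith("250"):
            return attempt + 1
    return None  # sender exhausted its retry budget: mail never delivered


# Constructed sender pools using documentation address ranges (RFC 5737).
POOL = [f"198.51.100.{n}" for n in range(10, 18)]   # 8 relays in one /24
SINGLE = ["203.0.113.5"]

def run_scenarios():
    return {
        "single relay, per-IP": attempts_until_delivery(Greylist(), SINGLE),
        "8 relays, per-IP": attempts_until_delivery(Greylist(), POOL),
        "8 relays, per-IP, 5 tries": attempts_until_delivery(Greylist(), POOL, max_attempts=5),
        "8 relays, per-/24": attempts_until_delivery(Greylist(prefix_len=24), POOL),
        "8 relays, excluded net": attempts_until_delivery(
            Greylist(excluded=["198.51.100.0/24"]), POOL),
    }

if __name__ == "__main__":
    for name, n in run_scenarios().items():
        print(f"{name}: delivered on attempt {n}")
```

The model never expires entries; a real greylist cache ages them out, which lengthens the per-IP case further for low-traffic sites.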

Actually most spambots so far do not retry the operation and just move on, as it's not worth it for them to spend time retrying. Sometimes they still make it past the greylist filter as they have a large number of email addresses for one domain, so as they keep trying the other email addresses, eventually this will cause the initial 5-10 minute delay of the greylist filter to elapse and start accepting connections from the spambot. But in the meantime, hundreds of email attempts to other users have still been stopped.

Whether to implement it or not depends on the admin and your customers. If they complain too much because of the initial delays that this filter causes, you may want to disable it. But if you're happy (and especially if your customers are happy) with the low spam that is allowed thru when using it, then you should enable it.

As a feature request it would be great if we could see in the statistics how many emails were rejected by the greylist function and all other filters also. So we could see at a glance which filters are worthwhile to activate.

Sorry for bothering you again with this topic, but the problem becomes worse and worse.

I mean, of course you are right and the big provider like Yahoo is violating the RFC rules, but honestly, we as your customers, and our customers as well which use a Yahoo email address, don't care who is the bad guy, they just want to be able to send emails. If it would happen only with a small provider we could just suggest our customers to change to another one, but with Yahoo, one of the biggest?

So I just checked out how other Spamfilter manufacturers are handling this problem and many of them have the possibility to do exclusions on IP and Hostname level.

Have you manually added the IPs to the greylist filter as discussed in the other thread above? Spammers can (very) easily spoof the reverse DNS host name of an IP, and provide false information in the EHLO and MAIL FROM commands incorrectly identifying themselves as *.yahoo.com. Doing so would immediately render the greylist filter useless in such cases. This is why we solely rely on checking the IP addresses of the senders.

Yes we added your IPs to the list, but Yahoo has more servers and they are not all included so far. I will give up then and really think about disabling the greylist filter and see what happens then. What is worse? Mails from customers we never get or more spam... we will see.

@yapadu

Right now we have 43'000 entries in the GreyListAllowed file, but still every week some customers who call us because they can't get through. Good if it works well for you, for us also many years, but now the Yahoo complaints are piling up.

Fully agree, better to give it a try than to turn it off. But I guess it will help just for a short time, because we haven't that much traffic as you, so some of the Yahoo servers will disappear quickly from the list after a few weeks.
